While building my first Domain Joined Windows 10 RTM system I discovered that the System Center Configuration Manager 2012 R2 client would not install. After reviewing the installation log, I discovered that the error code was "0x80070307". After a little research I discovered that this is due to SCCM trying to install the Windows Update Agent on the Windows 10 machine that is either already there or is older than the one on Windows 10 out of the box. The work around was simple, but it did not address Group Policy Deployments which, in the past, were not Operating System specific, rather they were just a blanket policy that covered everything.

select * from Win32_OperatingSystem where Version like "6.%" or Version like "5.%"

*note: this will get Vista-8.1 and 2003-2012R2

Click "OK", you should now see your two new WMI filters.

Go back to "Group Policy Objects" and locate both your old and your new SCCM GPO's.

Left click each GPO and on the very bottom of the "Scope" tab, choose your WMI filter for the appropriate Operating System, repeat for both GPO's.

Lastly, assign your new Windows 10 GPO to the appropriate OU(s).

Next you can confirm that your WMI settings are working on each OS type:

Shift+Right click CMD and chose "Run and Administrator"

Type "gpupdate / force"

Type "gpresult /z >> c:\temp\log.log

Review the logs on each to make sure, they should look something like the below:

Now that you have confirmed that your new GPO with WMI filter is applied, simply reboot your Windows 10 computer and re-check your ccmsetup status.You should see "Configuration Manger" in control panel within a few second of your reboot. If not, review logs.

Open the "Personal > Certificates" and right click your existing certificate, choose "Delete from the options.

Right click any open space where your old certificate was and choose "Import".

Navigate to your new certificate, specify the certificate password and continue through the prompts.

Once you see the new certificate in the MMC, double click it and choose the "Details" tab. Scroll down to "Thumb Print" and click it one time. You will see a series of letters and numbers in the bottom window. Copy those numbers and paste them into a blank Notepad document. Move Notepad aside but do not close it.

Close the Certificates MMC.

Open AD FS Management and navigate to AD FS > Service > Certificates.

On the right side, click "Set Service Communications Certificate" and chose your new certificate.

Close AD FS Management.

Back to NotePad, Delete all the spaces from your pasted text.

Copy the thumb print (CTRL+C).

Launch PowerShell as Administrator.

In Powershell, type: Set-AdfsSslCertificate

When prompted for the Thumb Print, press CTRL+V to paste your certificate thumb print into PowerShell and press enter.

Close PowerShell.

Open Services and restart the ADFS Service.

Launch your ADFS portal and confirm your new certificate is being used.

"The EC-Council CCISO Body of Knowledge covers all five the CCISO Information Security Management Domains in depth and was written by seasoned CISOs for current and aspiring CISOs. Domain 1 covers the Policy, Legal, and Compliance aspects of Governance. Domain 2 delves into the all-important topic of audit management from the CISO’s perspective and also covers IS controls. Domain 3 covers the Role of the CISO from a Project and Operations Management perspective. Domain 4 summarizes the technical aspects that CISOs manage in their day-to-day jobs, but from an executive standpoint. Domain 5 is all about Strategic Planning and Finance – crucial areas for C-Level executives to understand in order to succeed and drive information security throughout their organizations."

A discounted training voucher can be found at the below link, limited time only:

In some cases users in an Active Directory environment may see repeated lockouts after a recent password change. This is commonly associated with forgetting their new password, forgetting that they are logged onto another machine or server somewhere, or their old credentials are cached.

If after you have rebooted the machine, checked domain logs to try to figure out where accounts may be logged in, deleted Temporary Internet Files and you are at your whits end, cached credentials may likely be your culprit.

On your affected machine, run the blow command and delete any cached credentials that appear. This would especially be relevant if you are using a Proxy server.